Error creating new authz :: Too many currently pending authorizations

phantoms · May 2, 2016, 7:09pm

Sorry if this is the wrong category for this type of post, I can re-post it somewhere else if needed.

I created a LE certificate almost 3 months ago, and it is getting very close to needing to be renewed. Every time I try to renew my certificate I am getting this error:

"There were too many requests of a given type :: Error creating new authz :: Too many currently pending authorizations."

I have been getting this error for about 2 weeks now, and I even gave it atleast a week between each time I tried to renew just in case that was an issue. I have already searched this forum and Google for some solutions, however I can't seem to find anything that helps in my case. Anyone have suggestions for me? Any other information that I need to provide?

Thanks!

schoen · May 2, 2016, 11:48pm

Hi @phantoms,

What client software are you running? Is there some way that you’ve automated a process related to it so that it runs very frequently? How many other certificates do you have?

If it is running automatically, did you get any strange errors or behavior on previous runs? (I think this error message is related to completing challenges on the client side to authorize the issuance of a cert without actually issuing the corresponding cert.)

phantoms · May 3, 2016, 12:27am

Okay, I feel like an idiot right now haha. I swear that I removed the cronjob for it that I was using before (it was mistakenly set to check every minute instead of daily or weekly), but after reviewing the letsencrypt log files I noticed that it was still running minutely. (I should have checked the log files much sooner to notice this…) Now that I have actually removed the incorrect cronjob, how long might I have to wait for the pending authorizations to clear out so I can renew the certificate?

Thanks anyway!

schoen · May 3, 2016, 9:46pm

@phantoms, apparently this rate limit should stop being a problem for you after three hours.

Could you describe what command you were using from cron? I’m curious why it generated so many authzs if it wasn’t actually renewing the cert (or did it actually attempt the renewal every single time, like with --force-renew or something?).

phantoms · May 3, 2016, 10:05pm

Still getting the same error almost 24 hours later, and I know its not being ran by cron at this point because no new logs are being generated.

I am using the le-renew-webroot script which runs this command:

/root/.local/share/letsencrypt/bin/letsencrypt certonly --standalone --agree-tos --renew-by-default --config /usr/local/etc/le-renew-webroot.ini

schoen · May 3, 2016, 10:06pm

Well, I can imagine that running with --renew-by-default every minute would end up creating rate limit problems, but I don’t know how to account for the particular authz-related limit you’re still encountering. @jsha, any thoughts on this?

phantoms · May 3, 2016, 10:18pm

Not sure if this will help out at all, but heres an image of me running the script and it displaying the error.

(hostname marked out for security reasons )

I’m just hoping that the rate limit will maybe reset after a few days before the certificate expires.

jsha · May 3, 2016, 10:43pm

Sorry, I told @schoen earlier that the pending authorizations rate limit expires after 3 hours, but it turns out it’s actually one week. When does your certificate expire?

phantoms · May 3, 2016, 10:58pm

Oh okay. It expires in a little more than a week, so I’ll be alright to wait until the rate limit resets.

Thanks for all the help guys, and I’ll be sure to update this post if it continues after a week.

phantoms · May 5, 2016, 6:49am

I tried renewing the certificate again today and successfully got it renewed, so I guess some of the pending authorizations finally cleared out. Thanks for all the help ones again guys. This thread can officially be closed